Cybersecurity

The Value of Doing Regular Security Assessments

The context of the writing comes from my Systems Security & Auditing course. With innovation or process improvements comes risk, and if there is a risk, threat actors will exploit it. In today’s threat landscape, being vigilant isn’t an option but rather a must. If you are an executive, ask yourself if a data breach occurs, are you prepared to tell our customers and lawmakers you’ve done everything possible to protect the company’s data and assets and been compliant with regulatory laws? If the answer is, I’m not sure, or I don’t have the answer. Then you should consult with...

Continue reading...

Cyber Threat Landscape (Pre-Attack) Reducing Social Media Footprint (part 1)

The context of this writing: I took a course on Designing and Building a Cybersecurity Program and have written many papers during the course. Below is a revised/shorten snippet from one of my essay papers. According to the New York Times, hackers are having a field day targeting employees on their social media platforms. This type of targeting isn’t anything new; however, it has been increasing and is attracting new hackers. For most employees, their activities outside of work, like social media platforms, are a personal endeavor they use to connect with friends and family members. Some don’t see how...

Continue reading...

Cyber Threat Landscape (Pre-Attack) Reducing Social Media Footprint (part 2)

The context of this writing: I took a course on Designing and Building a Cybersecurity Program and have written many papers during the course. Below is a revised/shorten snippet from one of my essay papers. In 2020 our country was going through a crisis that has brought many states within our country to a standstill, and our healthcare organization’s services were being maxed out. During that time, our society’s immoral actors used chaos to launch cyberattacks campaigns on many healthcare organizations. These cyber-attacks started with reconnaissance work and information gathering. Many healthcare institutions were getting hammered with attacks reported by...

Continue reading...

What if you are compromised by a Zero Day?

First, to mitigate zero-days, you must have systems and people in place that can quickly locate zero-day exploits and patch them as soon as found. However, zero-day exploits are the most challenging digital attack to prevent and fix; once they’re discovered, it takes highly skilled IT professionals to promptly understand the problem and its impacts on the organizational infrastructure. Once the discovery has been made, you’ll need to mobilize a team to get it done promptly.  Mobilizing a team should have an Incident Response Plan. An incident response plan is a set of instructions to help IT staff detect, respond to, and...

Continue reading...

BitSight

BitSight: https://www.bitsight.com/ There are many vulnerability scanning tools in the marketplace, each with specialty solutions. These tools are for scanning other sections of the IT Domains, but it’s all a mesh of tools that solve a particular job. BitSight takes it a bit further, which does a scan and compare. BitSight is a cybersecurity rating company that analyzes your organization’s security. It scans your entire infrastructure, alerts you on vulnerabilities, and rates your security risk. The neat thing about this SaaS software, it gives you a security score like a credit score. Think of it as a gap analysis; the...

Continue reading...

Application Layered Security

In an IT organization, you have Layered Security which is layers of controls within your system. Think of it as an onion with multiple layers. At each layer, the controls prevent attackers from getting to the core.  Building an application, you will also need these same types of layers of control. As a Web Application developer, I build layers of controls into applications, for example; the development application layers for security I would include are: The end-user layer: Write front-end code JS to sanitize strings and data, and validation where needed Adding Authentication using Multi Factor-Auth (MFA) Back-end controller authenitcaiton...

Continue reading...

Platform Wars on Security

The argument between which platform is more secure is an ambiguous interpretation, and always someone’s selective measurement. No platform is more or less safe than its competitors, and it simply comes down to individual security hygiene and their level of security knowledge. If you’re one of those people who sees an 80% coupon in your email box and then click on the link(s), chances are you’re getting malware installed on your machine, in essence, an infected machine. This has nothing to do with Mac or Windows; it was simply someone being naive not to review the source URL and know...

Continue reading...